#!/bin/sh #------------------------------------------------------------------------------ # /etc/rc.d/rc460.dropbear - configure dropbear __FLI4LVER__ # # Creation: 07.12.2000 fm # Last Update: $Id$ #------------------------------------------------------------------------------ if [ "$OPT_SSHD" = "yes" ] then begin_script SSHD "starting sshd daemon..." cat <<-EOF>>/etc/services ssh 22/tcp ssh 22/udp telnet 23/tcp EOF : ${SSHD_PORT:=22} : ${SSHD_ALLOWPASSWORDLOGIN:=yes} if [ 0$SSH_CLIENT_PRIVATE_KEYFILE_N -gt 0 ] then keys= for i in $(seq 1 $SSH_CLIENT_PRIVATE_KEYFILE_N) do eval keys=\"\$keys -i /etc/ssh/\$SSH_CLIENT_PRIVATE_KEYFILE_$i\" done { echo "#!/bin/sh" echo "dbclient $keys \"\$@\"" } > /usr/bin/ssh chmod +x /usr/bin/ssh fi # make links for multicall binary ln -s /usr/sbin/dropbear /usr/bin/dropbearconvert ln -s /usr/sbin/dropbear /usr/bin/dropbearkey ln -s /usr/sbin/dropbear /usr/bin/scp mkdir /.ssh cd /.ssh [ 0"$SSHD_PUBLIC_KEY_N" -eq 0 ] || for idx in `seq 1 $SSHD_PUBLIC_KEY_N` do eval key='$SSHD_PUBLIC_KEY_'$idx echo $key >> authorized_keys done for pf in /etc/ssh/* do if grep -q -e "^-----BEGIN [D|R]SA PRIVATE KEY-----$" $pf then mk_writable $pf dropbearconvert openssh dropbear $pf $pf >/dev/null 2>&1 fi done if [ -e /etc/ssh/known_hosts ] then mv /etc/ssh/known_hosts /.ssh fi if [ -e /etc/plink/sshhostkeys ] then mv /etc/plink /.putty chmod 700 /.putty fi [ 0"$SSHD_PUBLIC_KEYFILE_N" -eq 0 ] || for idx in `seq 1 $SSHD_PUBLIC_KEYFILE_N` do eval kfn='$SSHD_PUBLIC_KEYFILE_'$idx grep "^ssh-[rd]s[as] " /etc/ssh/$kfn >/dev/null 2>/dev/null [ "$?" -eq 0 ] && cat /etc/ssh/$kfn >> authorized_keys grep "SSH2 PUBLIC KEY" /etc/ssh/$kfn >/dev/null 2>/dev/null if [ "$?" -eq 0 ] then grep "dsa-key" /etc/ssh/$kfn >/dev/null 2>/dev/null [ "$?" -eq 0 ] && keytype=ssh-dss || keytype=ssh-rsa echo "$keytype `sed -e 's/^----.*$//g' -e 's/^Comment.*$//g' -e 's/^\n//g' -e 's/^[ ]*$//g' /etc/ssh/$kfn|tr -d '\012'`" >> authorized_keys fi rm -f /etc/ssh/$kfn done [ -f /.ssh/authorized_keys ] && chmod 400 /.ssh/authorized_keys chmod 400 /etc/ssh/* 2>/dev/null NOPWDLOGIN= if [ "$SSHD_ALLOWPASSWORDLOGIN" = no ] then NOPWDLOGIN=-s log_info "sshd: only public key authentication allowed!" fi trap 1 dropbear $NOPWDLOGIN -p $SSHD_PORT trap "" 1 if [ "$SSHD_CREATEHOSTKEYS" = "yes" ] then mkdir -p /tmp/ssh { log_info "creating in the background new dropbear hostkeys in /tmp/ssh ..." dropbearkey -s 2048 -t rsa -f /tmp/ssh/dropbear_rsa_host_key dropbearkey -s 1024 -t dss -f /tmp/ssh/dropbear_dss_host_key dropbearkey -s 521 -t ecdsa -f /tmp/ssh/dropbear_ecdsa_host_key chmod 400 /tmp/ssh/* } & fi cd / end_script fi if [ "$OPT_SSH_CLIENT" = "yes" ] then begin_script SSH_CLIENT "setting up ssh client..." if [ 0$SSH_CLIENT_PRIVATE_KEYFILE_N -eq 0 ] then ln -s /usr/sbin/dropbear /usr/bin/ssh fi ln -s /usr/sbin/dropbear /usr/bin/dbclient end_script fi